package com.hnyfkj.jyindustry.common.xss;

import com.hnyfkj.jyindustry.common.exception.HnyfkjBusinessException;
import org.apache.commons.lang3.StringUtils;

/**
 * @program: jyindustry
 * @description:sql过滤类，防止sql注入攻击
 * @author: zl
 * @create: 2020-07-09 18:05
 **/
public class SQLFilter {

	/**
	 * SQL注入过滤
	 * 
	 * @param str
	 *            待验证的字符串
	 */
	public static String sqlInject(String str) {
		if (StringUtils.isBlank(str)) {
			return null;
		}
		// 去掉'|"|;|\字符
		str = StringUtils.replace(str, "'", "");
		str = StringUtils.replace(str, "\"", "");
		str = StringUtils.replace(str, ";", "");
		str = StringUtils.replace(str, "\\", "");

		// 转换成小写
		str = str.toLowerCase();

		// 非法字符
		final String[] keywords = { "master", "truncate", "insert", "select", "delete", "update", "declare", "alert",
				"drop" };

		// 判断是否包含非法字符
		for (final String keyword : keywords) {
			if (str.indexOf(keyword) != -1) {
				throw new HnyfkjBusinessException("包含非法字符");
			}
		}

		return str;
	}
}
